Hi James,
> Hi All, > > I have a TAC case open for this but it's not going anywhere. We have > two remote 7606 chassis with a 10G link between them, we have two > separate 10G transit feeds, one landing on each chassis and then > downstream customers hanging off the chassis. > > R1 --10G-- R2 > > The problem is that for love nor money, I can't stop DSCP markings > coming in from the Internet on these remote PEs. Output from "show > modules", LAN line cards here and no DFCs so fairly pony: > > Mod Ports Card Type Model > --- ----- -------------------------------------- ----------------- > 1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX > 2 48 CEF720 48 port 1000mb SFP WS-X6748-SFP > 3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX > 4 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE > 5 5 Route Switch Processor 720 10GE (Activ RSP720-3CXL-10GE > > On R1 Transit is via port Te4/3, Te4/1 is the link to R2 where my main > testing customer is connected. Since these 7600s had some existing QoS > configured via MQC so I simply added a policy-map (so there was no mls > trust statement and mls QoS is enabled globally); I don't think this is a supported configuration. Also, DFC vs PFC switching is not supposed to cause any differences from a feature perspective (PFC is supposed to clone the configuration, including QoS settings as-is to any DFCs). > I have removed the policy-map and since the port has no “mls qos trust > xxx” statement it should by default remove all incoming DSCP markings > (re-write to 0) however the customer is STILL seeing marked traffic > from the Internet and I can still see it via ELAM and local SPAN to a > Linux box in the PoP. I think you have to enable mls qos globally, otherwise it will not do anything at all. Be careful that you don't overload a specific queue when enabling mls qos. Check the list for further informations. Regards, Lukas _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/